NIST Launches Final Guidelines for Secure Shell Access Controls

HELSINKI and WALTHAM, Mass.,Nov. 12, 2015 – SSH Communications Security today announced that the computer security division of NIST has released the final version of Interagency Report (IR) 7966, providing critical guidance for organizations to follow in order to effectively manage Secure Shell access to sensitive data. Co-authored by Secure Shell inventor and SSH chief innovation officer Tatu Ylönen, the report offers specific guidelines that comply with the security controls mandated in NIST 800-53 and the President’s Cyber Security Framework. Download the report by clicking here.

This information helps IT professionals in both the public and private sectors understand Secure Shell-related interactive and automated access management in an enterprise, focusing on the management of Secure Shell user keys, so that they can remain compliant with NIST requirements and increase the safety of their networks.

The report describes the primary categories of vulnerabilities in Secure Shell-based interactive and automated access, including:

Improperly configured access controls that can lead to a variety of serious access-based vulnerabilities

“Too often, executive leadership and their organizations are unaware of how critical Secure Shell keys are in securing access to their organizations’ most sensitive data assets. Ultimately, Secure Shell keys are the same as user credentials and ought to be managed as such. We worked with NIST and the White House Office of Science and Technology to develop and share a clear framework for managing Secure Shell access to sensitive data and addressing vulnerabilities. Following these guidelines will help organizations protect their Secure Shell keys, thereby safeguarding access to critical information assets.”

About SSH Communications Security

As the inventor of the SSH protocol, we have a twenty-year history of leading the market in developing advanced security solutions that enable, monitor, and manage encrypted networks. Over 3,000 customers across the globe trust the company’s encryption, access control and encrypted channel monitoring solutions to meet complex compliance requirements, improve their security posture and save on operational costs. SSH Communications Security is headquartered in Helsinki and has offices in the Americas, Europe and Asia. The company’s shares (SSH1V) are quoted on the NASDAQ OMX Helsinki. For more information, visit www.ssh.com.